Computer platforms typically operate in an environment where their behaviour is vulnerable to modification by local or remote entities. This is particularly true of computer platforms used for a function that requires regular interaction with third parties, including third parties about whom the user knows little or nothing. Such modification may result in unreliable performance or data loss, but a potentially greater risk is that of misappropriation of user secrets. Downloading of malicious code may result in exposure of user secrets stored on a computer platform, or to the capture of user secrets (by processes such as key logging) such as passwords entered by user's in response to local or remote prompts. Existing approaches to maintaining security of user input are either reliant on significant specialised hardware used for highly secure processing or are vulnerable to modification of the computing environment. It is therefore desirable to seek an approach to use of user secrets on a relatively conventional computer platform which provides some promise of security.